1. Use encryption.
Encryption is the first security measure, but many wireless access points (WAPs)
do not use encryption as a default. Although many WAP has Wired Equivalent
Privacy (WEP) protocol, but not enabled by default. WEP does have some holes in
security, and an experienced hacker can definitely open it, but it was still
better than no encryption at all. Be sure to set the WEP authentication method
to "shared key" rather than "open system". To "open system", he does not encrypt
data, but only authenticated client. Change the WEP key as often as possible,
and use 128-bit WEP compared with a 40-bit.
2. Use strong encryption.
Because of the weakness of existing weaknesses in WEP, it is advisable to use
Wi-Fi Protected Access (WPA) as well. To use WPA, WAP had to support. The client
side must also be able to support WPA tsb.
3. Change the default administrator password.
Most manufacturers use the same administrative password for all their products
WAP. Default passwords are generally already known by the hackers, which can
later be used to change the settings on your WAP. The first thing to do in the
configuration of a WAP is change the default password tsb. Use at least 8
characters, a combination of letters and numbers, and do not use the word word
in the dictionary.
4. Turn off SSID Broadcasting.
Service Set Identifier (SSID) is the name of the wireless network. By default,
the SSID of the WAP will be broadcast. This will make users easy to find the
network they will be, because the SSID will appear in the list of available
networks that exist in the wireless client. If the SSID is turned off, users
must first know its a bit SSID can be connected to the network page.
5. Turn off the WAP when not in use.
The way this one seems very simple, but some companies or individuals do it. If
we have users who only connect at certain times only, there is no reason to run
a wireless network at all times and provide the opportunity for intruders to
carry out his evil intentions. We can turn off access point when not in use.
6. Change the default SSID.
Factory provide a default SSID. Usefulness of the SSID broadcast is turned off
to prevent anyone else know the name of our network, but if you still use the
default SSID, will not be difficult to guess the SSID of our network.
7. Using MAC filtering.
Most WAP (not the cheap cheap of course) will allow us to use filter media
access control (MAC). This means we can make a "white list" of computers that
can access the computer wireless network, based on the MAC or physical address
in each network card pc. Connections from the MAC is not in the list will be
rejected.
This method is not always safe, because it is still possible for a hacker to do
packet sniffing that we transmit via the wireless network and get a valid MAC
address from one user, and then use it to make a spoof. But MAC filtering will
make it increasingly difficult an intruder who is still not good at really good.
8. Isolate the wireless network from the LAN.
To protect the cable from the internal network threats coming from the wireless
network, it would need to be made wireless DMZ or perimeter network is isolated
from the LAN. It means installing a firewall between the wireless network and
LAN.
And for the wireless client that requires access to the internal network, he
must first authenticate with the RAS server or use a VPN. This provides an extra
layer for protection.
9. Control the wireless signal
802.11b WAP transmits waves of up to about 300 feet. But this distance can be
added by replacing with a better antenna. By using high-gain antenna, we can get
a longer distance. Directional antenna will transmit the signal to a particular
direction, and emit are not circular as it happened in omnidirectional antennas
that are usually found on the WAP package setandard. In addition, by selecting
the appropriate antenna, we can control distance and direction signals to
protect themselves from intruders. In addition, there are several settings that
can be WAP signal strength and direction through the WAP config page.
10. Emit waves at different frequencies.
One way to hide from hackers who often use technologies 802.11b / g, which is
more popular is to use 802.11a. Because 802.11a works on different frequencies
(ie in the frequency of 5 GHz), NICs are designed to work on technology that is
popular not be able to capture the signals.
No comments:
Post a Comment
Leave your message here...